Cryptology: the art of hiding data

From payment cards to e-passports and storage in the Cloud – data encryption is everywhere. Why? How? We find out more…

His name was Alan Mathison Turing. It might not mean much to you, despite the success of his biopic, The Imitation Game. But this British mathematician hastened the Allied victory in the Second World War by tirelessly poring over the enemy’s encoded messages… Until he managed to decipher them. This battle for secrets began long before Turing. Since Antiquity, people have invented systems to make their communications unintelligible and so restrict who can read them. In his secret correspondence, Julius Caesar replaced each letter of the original text with a letter a set number of places away in the alphabet. Later, to hide his notes from prying eyes, Leonardo da Vinci acquired the habit of writing from right to left.

The Second World War, however, ushered in a technological revolution. For the first time, mechanical methods made it possible to achieve a level of complexity unmatched by manual techniques. An example of this was the Enigma machine, invented to protect information communicated between Axis forces. However, it was unable to withstand the scrutiny of Turing and his teams, who managed to use mathematical reasoning to guess its settings each day. To do this they invented the precursor of the modern computer, which massively increased the power of their attacks by doing the job of thousands of code-breakers.

This revolution continued with the emergence of the first computers. Automation of encryption and attacks was accompanied by the birth of a scientific discipline, cryptology, which literally means “the science of secrecy”.

ENCRYPTION AND AUTHENTICATION

Modern cryptology offers a range of tools and techniques, two of which are now a big part of our daily lives: encryption, discussed above, and authentication.

Encryption makes it possible to create a “tunnel” between two people, ensuring that the information which passes between them is incomprehensible to third parties. This is what happens, for example, when you present your e-passport at a border, since the exchanges with the scanner involve sensitive information such as your biometric data.

“To protect the confidentiality of your personal data, your passport uses an encryption algorithm to transform it into an incomprehensible message, or vice versa providing you have the necessary key,” explains Marc Bertin, CTO of OT.

Authentication, meanwhile, makes it possible to check that you are communicating with the right person. This is a technology used every day by your web browser, whenever the address bar begins “https”, indicating that cryptology is being used. This enables your computer to check that it is communicating with the right site. To do this, your browser sends a “challenge” to the site, which must respond with a valid electronic “signature”. This signature proves that the site is genuine.
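The challenge and signature exchange described above, reduced to its core as an added example (not code from OT or from any browser). The host names, the `auth-v1` label, the function names and both key pairs are assumptions constructed for the illustration; real HTTPS additionally uses certificates to tell the browser which public key to trust for a site.

```javascript
const crypto = require('crypto');

// Constructed key pairs: the genuine site and an impostor.
const site = crypto.generateKeyPairSync('ed25519');
const impostor = crypto.generateKeyPairSync('ed25519');

// Client side: a fresh random challenge for every connection,
// so an old response cannot be reused later.
function newChallenge() {
  return crypto.randomBytes(32);
}

// What actually gets signed: a fixed label, the host being claimed
// and the challenge. Binding the host stops a signature made for one
// site from being presented on behalf of another.
function transcript(host, challenge) {
  return Buffer.concat([Buffer.from(`auth-v1|${host}|`, 'utf8'), challenge]);
}

// Server side: answer the challenge with a signature.
function respond(privateKey, host, challenge) {
  return crypto.sign(null, transcript(host, challenge), privateKey);
}

// Client side: accept only if the signature verifies under the
// public key the client already trusts for that host.
function verifyResponse(trustedPublicKey, host, challenge, signature) {
  return crypto.verify(null, transcript(host, challenge), trustedPublicKey, signature);
}

function demo() {
  const host = 'shop.example';
  const challenge = newChallenge();
  const genuine = respond(site.privateKey, host, challenge);
  const forged = respond(impostor.privateKey, host, challenge);
  const laterChallenge = newChallenge();
  return {
    genuine: verifyResponse(site.publicKey, host, challenge, genuine),
    forged: verifyResponse(site.publicKey, host, challenge, forged),
    replayed: verifyResponse(site.publicKey, host, laterChallenge, genuine),
    wrongHost: verifyResponse(site.publicKey, 'bank.example', challenge, genuine),
  };
}

console.log(demo());
```

Only the response signed with the site's own key, over the current challenge and the expected host, is accepted; the other three cases fail verification.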

Digital tools are now all around us. In response to the need to protect our data and our communications, cryptology is now built into a range of everyday software, in the chip of your e-passport or driving license, your payment card or your smartphone’s SIM card.

“At OT, unless specifically requested by our customers, we work on known algorithms which have been tried and tested by mathematicians for decades, thereby ensuring optimal resistance. However, a safe algorithm can become ineffective if wrongly implemented or if it is unsuitable for the use in question. Our role is therefore to implement algorithms while protecting them from all potential attacks, including by a hacker trying to understand the ‘mechanism’ in order to then extract the key. To do this, we establish counter measures suited to each target (smartphones, smartcards, etc.) and the contexts in which they are used.”

NEW CHALLENGES

What next? The Internet – already a ubiquitous part of our daily lives – is fast becoming the “Internet of Things”. Connected objects are set to become an increasing part of our environment – from sensors on vehicles and roads, to fitness detectors, etc. – opening new prospects for technological innovations such as driverless cars.

The Internet of Things will also increase the amount of data exchanged and stored in the Cloud. This represents a further challenge for cryptology since more and more objects will need to authenticate themselves and the data exchanged will need to be secured. “Today, innovative objects all present possible security flaws, with potentially devastating consequences. But we already have the capability to secure these objects by offering suitable cryptographic services,” continues Marc Bertin. “The challenge lies in our ability to provide an optimum level of security, whether or not the object has an embedded secure element, and to block increasingly sophisticated attacks. We also must comply with environmental constraints by offering light cryptology suitable for small, highly integrated objects and, importantly, which use little energy.”

In the medium term, it is highly likely that cryptology will face another challenge. A new type of computer – the quantum computer – is currently the object of major investments at numerous research laboratories around the world. Although these quantum computers are not very powerful at present, they present a threat to cryptology in its current form. Indeed, algorithms which completely demolish existing systems’ security have already been written and are only waiting for a reasonably powerful quantum computer to be put into action! When will such a computer be available? Nobody yet knows, but Marc Bertin is convinced that “super computers” do not represent any real threat “since alternative security measures, designed to resist these computers and so referred to as post-quantum, are already being studied.” This should ensure that our data can continue to be protected for many more years to come.